RE: [suse-security] remote admin: ssh vs. webmin
::If you have a good password it's no less safe to log in with ssh
::than it is to su after login. The password is sent encrypted.

Not necessarily true. Remember that your username is still an unknown and as such brute force/dictionary type attacks for access are likely to succeed quite quickly direct to superuser status, whereas if you have zero root access via ssh and use sudo or allow su to root you will still have a number of pitfalls for the would-be attacker.

e.g.
SSH login: user1
user1 has rights to su user2 but no admin rights or access to sudo
user2 has rights to use sudo but also no admin rights
sudo can be configured to allow for specific command sets only.

This means the attacker needs to crack two username/password sets before getting any admin type access, but still no access to superuser.

How secure do you want your host to be?
participants (1)
-
Barry Gill
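
A check for the layered setup described in the message above, as an added example that is not part of the original post: it reads an sshd_config and a sudoers file and reports where root SSH login, a directly reachable sudo account, or unrestricted sudo would collapse the layers. The sample configs and the service command are constructed; Match blocks, repeated AllowUsers lines, sudoers groups and user aliases are assumed absent.

```python
import fnmatch
import re

# Constructed sample configs mirroring the post's user1/user2 layout.
SSHD_GOOD = "PermitRootLogin no\nAllowUsers user1\n"
SUDOERS_GOOD = ("Cmnd_Alias SVC = /sbin/service apache2 restart\n"
                "user2 ALL = (root) SVC\n")
SSHD_BAD = "PermitRootLogin yes\n"
SUDOERS_BAD = "user2 ALL = (ALL) NOPASSWD: ALL\n"

def sshd_settings(text):
    """Map keyword -> value; the first occurrence wins, as in sshd."""
    out = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            out.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return out

# user host = (runas) commands, on a single line
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def sudo_rules(text):
    """Map user -> commands from simple one-line user specifications."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SPEC.match(line)
        if not m or line.startswith("Defaults") or "_Alias" in m.group(1):
            continue
        # Drop tags such as NOPASSWD: so only the command or alias remains.
        cmds = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in m.group(2).split(",")]
        rules.setdefault(m.group(1), []).extend(cmds)
    return rules

def audit(sshd_text, sudoers_text):
    """Return findings where the post's layering (no root SSH, SSH-only
    entry account, command-restricted sudo) is not in place."""
    sshd, rules, findings = sshd_settings(sshd_text), sudo_rules(sudoers_text), []
    if sshd.get("permitrootlogin", "").lower() != "no":
        findings.append("root login over SSH is not explicitly disabled")
    # No AllowUsers line means every account may log in, hence the "*" default.
    allowed = [p.split("@")[0] for p in sshd.get("allowusers", "*").split()]
    for user, cmds in rules.items():
        if any(fnmatch.fnmatch(user, pat) for pat in allowed):
            findings.append(f"{user} has sudo rights and can log in over SSH directly")
        if "ALL" in cmds:
            findings.append(f"{user} may run any command through sudo")
    return findings
```

Run `audit()` on the contents of the host's real sshd_config and sudoers files; an empty list means all three layers from the post are present.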